PT-2009-6212 · Gnu+2 · Gnu Automake+2
Ralf Wildenhues +1 · Published 2009-12-20 · Updated 2024-06-15 · CVE-2009-4029
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GNU Automake versions 1.11.1, 1.10.3
GNU Automake release branches branch-1-4 through branch-1-9
Description
GNU Automake assigns insecure permissions (777) to directories in the build tree when producing a distribution tarball for a package that uses Automake. This introduces a race condition that allows local users to modify package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Recommendations
For GNU Automake versions 1.11.1 and 1.10.3, consider updating to a version that does not assign insecure permissions to directories in the build tree.
For GNU Automake release branches branch-1-4 through branch-1-9, consider updating to a version that does not assign insecure permissions to directories in the build tree.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
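An added example, not part of the advisory or of Automake: a shell check that finds world-writable directories (such as the mode 777 directories named in the description) in a build or distribution tree and removes group/other write access from them. The function names and the `pkg-1.0` sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a build or dist tree for directories that any
# local user can write to, the condition this advisory describes.

# Print every directory under $1 with the "other write" bit set.
# Sticky-bit directories are skipped: other users cannot replace
# entries they do not own there.
world_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Return 0 if the tree is clean, 1 if any directory is exposed.
audit_tree() {
    hits=$(world_writable_dirs "$1")
    if [ -n "$hits" ]; then
        printf 'world-writable directories under %s:\n%s\n' "$1" "$hits" >&2
        return 1
    fi
    return 0
}

# Remove group/other write access from every exposed directory.
harden_tree() {
    world_writable_dirs "$1" | while IFS= read -r d; do
        chmod go-w "$d"
    done
}

# Build a constructed sample tree (pkg-1.0 is a made-up package name):
# two directories at 777, one at 755. Prints the temporary root.
sample_tree() {
    t=$(mktemp -d) &&
    mkdir -p "$t/pkg-1.0/src" "$t/pkg-1.0/doc" &&
    chmod 777 "$t/pkg-1.0" "$t/pkg-1.0/src" &&
    chmod 755 "$t/pkg-1.0/doc" &&
    printf '%s\n' "$t"
}
```

Running `audit_tree` on a build directory before a tarball is created or unpacked files are built gives a non-zero exit status that a CI job can fail on.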
Exploit
Race Condition
Affected Products
Gnu Automake
Red Hat
Suse